Electronic commerce (e-commerce), such as purchase transactions and banking, and electronic communications, can be performed using an electronic device such as a desktop computer, a tablet computer, e.g. an iPad®, or a smart phone, e.g. an iPhone®. To securely perform these functions, a computing device can use cryptographic keys and authentication credentials to verify the identity of the user and establish a secure communication or transaction channel. A computing device can further verify the identity of a user and/or the identity of a computing device of the user by correlating one or more cryptographic keys, user authentication credentials, and attributes of a particular computing device of the user, such as an operating system version, computing device unique identifier, or other information.
One way to identify a computing device is to use a hardware reference key (HRK). A hardware reference key can be an asymmetric key pair, having a public key portion, that can be used to identify a particular computing device, a class of computing device using a particular processor configuration, and/or an operating system version used by the computing device. An e-commerce service can store both the hardware reference key and the user authentication credentials, such as a username and a passcode. A service can, for example, store the public key portion of the hardware reference key for the computing device along with the user authentication credentials. When a user attempts to access the service at a later time, the service may allow the computing device to access the provided services using the hardware reference key in lieu of requiring re-entry of user authentication credentials.
Computing devices in the prior art are not able to attest to the validity of their own hardware reference keys.
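The enrollment and later access described above can be sketched as follows. This is an added example, not code from the original document. It assumes an Ed25519 key pair standing in for the HRK and a signed service nonce as the way the key is "used"; all type and function names and the sample account are hypothetical and constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// account holds what the service stores: a passcode hash and the HRK public key.
type account struct {
	passHash [32]byte          // assumption: SHA-256 for brevity; use a password KDF in practice
	hrkPub   ed25519.PublicKey // public key portion of the device's HRK
}
type service struct{ accounts map[string]*account }

// Enroll checks credentials once, then binds the bare public key (no attestation) to the user.
func (s *service) Enroll(user, pass string, pub ed25519.PublicKey) bool {
	a, ok := s.accounts[user]
	h := sha256.Sum256([]byte(pass))
	if !ok || len(pub) != ed25519.PublicKeySize || subtle.ConstantTimeCompare(a.passHash[:], h[:]) != 1 {
		return false
	}
	a.hrkPub = pub
	return true
}

// Login accepts a signature over a service-issued nonce in lieu of credentials.
func (s *service) Login(user string, nonce, sig []byte) bool {
	a, ok := s.accounts[user]
	return ok && len(a.hrkPub) == ed25519.PublicKeySize && ed25519.Verify(a.hrkPub, nonce, sig)
}

// demo runs one enrollment and three logins with constructed sample values.
func demo() (enrolled, login, otherKey, replay bool) {
	s := &service{accounts: map[string]*account{"alice": {passHash: sha256.Sum256([]byte("1234"))}}}
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // stands in for the device HRK
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	enrolled = s.Enroll("alice", "1234", pub)
	n1, n2 := nonce(), nonce()
	sig := ed25519.Sign(priv, n1)
	login = s.Login("alice", n1, sig)                            // enrolled key, fresh nonce
	otherKey = s.Login("alice", n1, ed25519.Sign(otherPriv, n1)) // key that was never enrolled
	replay = s.Login("alice", n2, sig)                           // old signature, new nonce
	return
}

func nonce() []byte { n := make([]byte, 32); rand.Read(n); return n }
func main()         { fmt.Println(demo()) } // prints: true true false false
```

The service in this sketch learns only a public key at enrollment, so it can confirm possession of the matching private key but has no evidence about the key's validity, which is the limitation the last paragraph states.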